
Polish gh-1233

Joe Grandja 2 年之前
父節點
當前提交
bdc0b4de5f

+ 1 - 2
oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeAuthenticationProvider.java

@@ -36,7 +36,6 @@ import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.session.SessionInformation;
 import org.springframework.security.core.session.SessionRegistry;
-import org.springframework.security.oauth2.core.AbstractOAuth2Token;
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
 import org.springframework.security.oauth2.core.ClaimAccessor;
 import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
@@ -155,7 +154,7 @@ public final class OAuth2AuthorizationCodeAuthenticationProvider implements Auth
 
 		if (!authorizationCode.isActive()) {
 			if (authorizationCode.isInvalidated()) {
-				OAuth2Authorization.Token<? extends AbstractOAuth2Token> token = authorization.getRefreshToken() != null ?
+				OAuth2Authorization.Token<? extends OAuth2Token> token = authorization.getRefreshToken() != null ?
 						authorization.getRefreshToken() :
 						authorization.getAccessToken();
 				if (token != null) {
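Review bot: The ternary on the changed line prefers the refresh token and falls back to the access token, but nothing nearby explains why only one of the two is selected when an already-invalidated authorization code is presented again. A short comment above it would make the intent reviewable, e.g. `// Authorization code reuse: revoke tokens previously issued for this code (RFC 6749, Section 4.1.2)`. Whether acting on the refresh token also invalidates the access token is decided inside `if (token != null) {`, whose body continues outside this hunk, so it is worth confirming that and stating it in the same comment.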

+ 5 - 3
oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeAuthenticationProviderTests.java

@@ -85,6 +85,7 @@ import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.Mockito.doAnswer;
 import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.never;
 import static org.mockito.Mockito.spy;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
@@ -283,16 +284,15 @@ public class OAuth2AuthorizationCodeAuthenticationProviderTests {
 		assertThat(updatedAuthorization.getRefreshToken().isInvalidated()).isTrue();
 	}
 
-	// gh PR 1233
+	// gh-1233
 	@Test
-	public void authenticateWhenInvalidatedCodeAndNullRefreshAndAccessTokensThenThrowOAuth2AuthenticationException() {
+	public void authenticateWhenInvalidatedCodeAndAccessTokenNullThenThrowOAuth2AuthenticationException() {
 		RegisteredClient registeredClient = TestRegisteredClients.registeredClient().build();
 		OAuth2AuthorizationCode authorizationCode = new OAuth2AuthorizationCode(
 				AUTHORIZATION_CODE, Instant.now(), Instant.now().plusSeconds(120));
 		OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient, authorizationCode)
 				.token(authorizationCode, (metadata) -> metadata.put(OAuth2Authorization.Token.INVALIDATED_METADATA_NAME, true))
 				.build();
-
 		when(this.authorizationService.findByToken(eq(AUTHORIZATION_CODE), eq(AUTHORIZATION_CODE_TOKEN_TYPE)))
 				.thenReturn(authorization);
 
@@ -308,6 +308,8 @@ public class OAuth2AuthorizationCodeAuthenticationProviderTests {
 				.extracting(ex -> ((OAuth2AuthenticationException) ex).getError())
 				.extracting("errorCode")
 				.isEqualTo(OAuth2ErrorCodes.INVALID_GRANT);
+
+		verify(this.authorizationService, never()).save(any());
 	}
 
 	// gh-290
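Review bot: The added `verify(this.authorizationService, never()).save(any());` appears to be the only assertion that separates the no-token path from the path that invalidates a previously issued token and persists it, yet nothing in the test says so. The renamed method also mentions only the access token, although the provider checks the refresh token first. A comment before the verification, such as `// Neither a refresh token nor an access token was issued, so nothing may be invalidated or saved`, would keep that intent clear. The absence of tokens in the fixture depends on `TestOAuth2Authorizations.authorization(...)`, whose body is not shown on this page, and the test method itself starts in the previous hunk.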